On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four detailed advisories concerning Industrial Control Systems (ICS). These advisories bring to light significant vulnerabilities affecting critical infrastructure sectors, notably energy and manufacturing. The identified vulnerabilities have Common Vulnerability Scoring System (CVSS) scores ranging from 5.8 to 9.8, indicating their severity and the urgent need for remediation.
Key Highlights:
1. CISA has issued four ICS advisories targeting vulnerabilities in Siemens, Tigo Energy, and EG4 systems, all integral to critical infrastructure.
2. The identified vulnerabilities, with CVSS scores reaching up to 9.8, could enable remote attacks and complete system compromises.
3. Immediate action is recommended: apply vendor-provided patches and implement network segmentation strategies.
Detailed Analysis of Siemens Vulnerabilities
Two advisories focus on Siemens products, each addressing distinct security concerns:
– Advisory ICSA-25-231-01: This advisory pertains to the Desigo CC Product Family and SENTRON Powermanager. It identifies a least privilege violation vulnerability (CWE-272), designated as CVE-2025-47809, with a CVSS v3.1 score of 8.2. The issue arises from the Wibu CodeMeter components present in multiple product versions (V5.0 through V8). This flaw allows for privilege escalation via the CodeMeter Control Center component immediately after installation.
– Advisory ICSA-25-231-02: This advisory addresses the Mendix SAML Module, highlighting an improper verification of cryptographic signature vulnerability (CWE-347). Identified as CVE-2025-40758, it carries a CVSS v3.1 score of 8.7. This vulnerability enables unauthenticated remote attackers to hijack accounts in specific Single Sign-On (SSO) configurations. Multiple versions of the Mendix platform are affected. To mitigate this issue, patches are available, requiring updates to versions V3.6.21, V4.0.3, or V4.1.2, depending on the deployment.
Vulnerabilities in Tigo Energy and EG4 Systems
The energy sector faces significant threats due to vulnerabilities in solar energy infrastructure:
– Advisory ICSA-25-217-02: This advisory focuses on Tigo Energy’s Cloud Connect Advanced devices, revealing three critical vulnerabilities:
  – Hard-Coded Credentials (CWE-798): This flaw allows attackers to gain unauthorized access using credentials embedded in the device.
  – Command Injection (CWE-77): This vulnerability enables the execution of arbitrary commands on the device.
  – Predictable Pseudo-Random Number Generator (PRNG) Seeds (CWE-337): Predictable seeds undermine the cryptographic operations that depend on the generator’s output, since an attacker can reproduce the values it generates.
  Among these, CVE-2025-7768 has the highest CVSS v4 score of 9.3, while CVE-2025-7769 and CVE-2025-7770 both have scores of 8.7.
– Advisory ICSA-25-219-07: This advisory pertains to EG4 Electronics inverters, identifying four distinct vulnerabilities:
  – Cleartext Transmission (CWE-319): Sensitive information is transmitted without encryption, making it susceptible to interception.
  – Firmware Integrity Issues (CWE-494): The firmware lacks proper integrity checks, allowing unauthorized modifications.
  – Observable Discrepancies (CWE-203): The system reveals information that could aid attackers in crafting exploits.
  – Authentication Bypass (CWE-307): Attackers can bypass authentication mechanisms, gaining unauthorized access.
  The most critical of these, CVE-2025-46414, has a CVSS v4 score of 9.2. EG4 implemented server-side fixes for some vulnerabilities in April 2025.
Recommended Mitigation Strategies
To address these vulnerabilities, the following actions are recommended:
– Siemens Products: Update the CodeMeter components to version 8.30a. For the Mendix SAML Module, enable the UseEncryption configuration and update to the appropriate patched version as specified.
– Tigo Energy Devices: Tigo Energy is in the process of developing comprehensive fixes. Users should stay informed about updates and apply them promptly upon release.
– EG4 Electronics Inverters: EG4 has implemented server-side patches and plans to release new hardware by October 15, 2025. Users should plan for hardware upgrades and apply any interim patches provided.
CISA emphasizes the importance of a defense-in-depth strategy, which includes:
– Network Segmentation: Isolate critical systems from general network traffic to limit potential attack vectors.
– Secure Remote Access: Utilize Virtual Private Networks (VPNs) to secure remote connections.
– Firewall Implementation: Deploy firewalls to control and monitor incoming and outgoing network traffic.
Organizations should conduct thorough impact analyses and risk assessments before implementing these defensive measures. Continuous monitoring for suspicious activity is crucial. Any incidents should be reported to CISA to aid in correlation analysis and enhance collective security efforts.
As of now, there have been no public reports of exploitation for these specific vulnerabilities. This provides a critical window for organizations to implement the necessary remediation efforts and bolster their security posture.